Detailed Description

HMAC_DRBG algorithm.

This algorithm is designed to comply with ANS X9.82 Part 3-2007 Section 10.2.2.2. This standard is not freely available, but most of the text appears to be shared with NIST SP 800-90, which can be downloaded from

Where possible, references are given to both documents. In the case of any disagreement, ANS X9.82 takes priority over NIST SP 800-90. (In particular, note that some algorithms that are Approved by NIST SP 800-90 are not Approved by ANS X9.82.)

The nonce must be included within the entropy input (i.e. the entropy input must contain at least 3/2 * security_strength bits of entropy, as per ANS X9.82 Part 3-2007 Section 8.4.2 (NIST SP 800-90 Section 8.6.7).

The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.